Constant Struggle: How Spammers Keep Ahead Of Technology

Efforts to use automation to outsmart spammers and crooks online have had spotty results. Often it's because spammers keep coming up with new tricks to work their way around anti-spam technology, forcing the good guys to continually play catch-up.

A few years ago, Bayesian classification seemed a promising way to filter spam. "The premise of Bayesian classification is that legitimate mail that a user gets is very different from spam mail," says Vipul Ved Prakash, founder and chief scientist at anti-spam company Cloudmark Inc. "All the words, phrases, URLs inside those messages, they're very different from spammy words, phrases, and URLs."

To defeat Bayesian filters, spammers have taken to "Bayesian poisoning." This involves using programs linked to databases of legitimate words--those not normally seen in spam--that insert those words into E-mail, often in a way that's not visible to the recipient (white text on a white background, for example) but is to the spam filter.

"The automata will just keep selecting random words from the legit dictionary," Ved Prakash says. "When it reaches a Bayesian filtering system, it looks at these legitimate words and the probability that these words are associated with a spam message is really low. And the program will classify this as legitimate mail."

But that's not where it ends. The user looks at this message and can tell it's spam. So the user blocks it and trains the filter based on this message. "What that ends up doing is all those words, which are legitimate words, they become spammy words," Ved Prakash says. That chips away at the effectiveness of a Bayesian classifier, since it runs out of words that differentiate spam and legitimate E-mail.

Spammers have been successful enough that the opposition has tried adopting some of their tactics. Lycos Europe N.V. last year offered a screen saver that harnessed the computing power of its users to conduct a distributed denial-of-service attack on spammers' Web sites. After public criticism and spammer retaliation, Lycos withdrew the software. Gartner analyst John Pescatore likens such tactics to "throwing wood chips at termites to keep them away." He holds out more hope for tech companies developing effective products.

"There are starting to be some good defensive measures," Pescatore says, "but the idea of trying to fight back never works. Most of the criminals have nothing else to do all day long, whereas the good guys have real jobs. You can't win that battle."

Return to main story, Machine Wars

Illustration by Jeff Soto